Monday, April 17, 2006

as privileges and user management stuff is complete, we're done withfeatures for 0.7.0. I'd like to get the list of things that need to befix/polished before the release.

One of the problems is perhaps AdvancedMetadataSearch dialog. We stillhaven't decided what exactly should it look like. Do you guys think thatwe can go with 0.7.0 release with it - as it is now? It is completelyfunctional, just the layout and some other details are probablydifferent than they should be.

Other thing is StatementHistoryFrame. For the time being, I'd like tomake a modal dialog out of it (select SQL statement from history andclose it). I know how I'd do it when deriving from wxDialog, but I'm notsure what happens if we're to derive it from BaseDialog. What happenswith "buttons panel and sizer". Perhaps we should leave search box andsearch/delete buttons at top, and move "Copy to editor" button to bottom- and also add "Close" button to it?

I'd also like to know how does PrivilegesDialog look on other platforms,as I only tested on Linux. I tried on Windows 98 at some point, and itseemed fine, but I'd like to know about WinXP and Mac.

Sunday, April 09, 2006

This is still a work in progress, but you can already look at table and view privileges. The main problem we currently have is that wxHtmlWindow doesn't support TITLE attribute of IMG tag. I wanted to use it to display the grantor (user who granted the privilege) as a tooltip - when you hover the mouse over privilege icon.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Friday, April 07, 2006

- all passwords(PW) are encrypted with master password (MPW)- MPW is not saved in any file, it is only known to the user- PW + MPW => Cipher (cipher is stored in .conf file)- When PW needs to be decrypted, user is prompted for MPW- Cipher + MPW => PW

Defense from "known plain-text" attack:

- If the attacker gets a hold on to .conf file and knows one of the PWs he would be able to compute MPW (Cipher + PW => MPW). In order to prevent this, we use the following scheme:

- we take MPW+username+full_database_path, and use it as a seed for some irreversible random number generator (RNG) like ISAAC.- we use the numbers produced by RNG to encrypt the PW.- since numbers are unique for each username+full_db_path and RNG is not reversible, the attacker cannot get MPW, and he also cannot decrypt any other password.

Monday, April 03, 2006

today I took a look at FlameRobin after a few days away from it, andhere are some things I noticed that are not optimal IMO. Maybe youdon't agree, maybe you agree and want to fix/change some of them, maybeI'll get around to some of them...

Anyway, here goes:

1) All property pages:- The links on top of the pages jump around when one follows them, andthe link for the current page disappears. I much prefer the way e.g.SourceForge handles this, with all links always visible in the sameplace, with the current page as standard text of the same font. Compareenabling/disabling controls to hiding them.

2) Database property page:- The page uses two narrow tables of fixed width, while all other useexpanding tables, stacked vertically. I'd prefer consistency.- Could the database size be given in MB? Even better would be adynamic label (kB/MB/GB)...- We need a database32.xpm file, current icon is the generic FR one.

3) Advanced Metadata Search frame:- The layout needs to be improved. It is too large (minimal size on mysystem 824x347), to wide for the height (a ratio of about 4:3 would beideal), and it is quite confusing. It would also be hard to extend it(adding more criteria, adding AND/OR combination of criteria, ...). Idon't really have a better layout in mind ATM, but I would like it to becloser to the backup/restore frame layout: controls in the upper part,then the action button, then the result list in the lower part.- The "DDL for selected objects" control shouldn't be there at all,IMHO. Double click on the result list would open the property page withthe same information (default action for DBH objects, known behaviourfrom the tree control).

4) SQL Execution frame:- SQL History frame should at least stay on top of parent executionframe, otherwise frame relation is lost when $user switches betweenframes. But I doubt that a frame is actually the right design there.How about a list box left or right of the SQL edit control, with asplitter, keyboard and drag and drop operations instead of buttons,... ?

Saturday, April 01, 2006

Milan Babuskov one of original creators of fbManager which became Flamerobin, just made it publicly known that he now works for MySQL AB.

My project, Flamerobin and Firebird Foundation , have been acquired by MySQL, AB. Aspart of the agreement, I will be working full time for MySQL. I expectto lurk on the flamerobin-devel list from time to time and may contributethe occasional wolf-o-gram, but I will not be taking an active part inFlamerobin development. Although Mariuz will work for MySQL, part time,translating from wolf to English,He will continue to be active in theFirebird/Flamerobin projects.

Ann Harrison gave the idea to buy all the firebird developers with this poston firebird-support

By downloading flamerobin you agree to the following disclaimer:This programme carries no warranties either implied or explicit. Use at your own risk. It was written by me as a personal challenge. It seemed to work when I ran it, but it might not work for you. It might also delete random files, send pornographic pictures to the president, crash you computer or cause space aliens to destroy the planet. Use it at your own risk and remember: if it’s not backed up, it’s not important.